Let’s look at an example app for allowing your users to manage domains.

As part of the API, your users will be able to perform CRUD operations against domains or individual DNS records.

1

Creating permissions

Users of our app can have the following permissions:

  • domain.delete_domain
  • domain.dns.create_record
  • domain.dns.read_record
  • domain.dns.update_record
  • domain.dns.delete_record
  • domain.create_domain
  • domain.read_domain
  • domain.update_domain

Create them in your dashboard.

Example permissions
2

Creating roles

And we define the following roles:

  • admin: An admin can do everything.
  • dns.manager: Can create, read, update and delete DNS records but not access the domain itself.
  • read-only: Can read domain or DNS record information.
Example roles

Create them in your dashboard too.

3

Connecting

For each role, we need to connect the permissions it should have. Go to /app/authorization/roles and click on the role to go to the permissions screen.

Admin roles
4

Create a key

Now that we have permissions and roles in place, we can connect them to keys.

  1. In the sidebar, click on one of your APIs

  2. In the breadcrumb navigation at the top, click Requests and then Keys

    Breadcrumb Navigation
  3. Select one of your existing keys by clicking on it

  4. Scroll down to the Roles section if not visible

You should now be on /app/keys/key_auth_???/key_???

Unconnected roles and permissions

You can connect a role to your key by clicking on the checkbox.

Let’s give this key the dns.manager and read-only roles. A toast message should come up in the lower corner when the action has been completed.

Unconnected roles and permissions

As you can see, the key now contains 2 roles and 5 permissions, shown just above the Roles section.

5

Verifying Permissions

Now you can verify this key and perform permission checks.
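The following is an added example, not code from this page or from the service it describes: a local model of the roles above that shows why the dns.manager plus read-only key ends up with 5 permissions rather than 6, and how a default-deny permission check behaves for that key. The route table and the function names are hypothetical, chosen only for illustration.

```python
ALL_PERMISSIONS = frozenset({
    "domain.create_domain", "domain.read_domain",
    "domain.update_domain", "domain.delete_domain",
    "domain.dns.create_record", "domain.dns.read_record",
    "domain.dns.update_record", "domain.dns.delete_record",
})

# Role definitions as described in step 2.
ROLES = {
    "admin": ALL_PERMISSIONS,
    "dns.manager": frozenset(p for p in ALL_PERMISSIONS if p.startswith("domain.dns.")),
    "read-only": frozenset({"domain.read_domain", "domain.dns.read_record"}),
}

# Hypothetical route table (an assumption, not from the page):
# (HTTP method, route template) -> permission the caller's key must hold.
REQUIRED = {
    ("POST", "/domains"): "domain.create_domain",
    ("GET", "/domains/{domain}"): "domain.read_domain",
    ("PATCH", "/domains/{domain}"): "domain.update_domain",
    ("DELETE", "/domains/{domain}"): "domain.delete_domain",
    ("POST", "/domains/{domain}/records"): "domain.dns.create_record",
    ("GET", "/domains/{domain}/records/{record}"): "domain.dns.read_record",
    ("PATCH", "/domains/{domain}/records/{record}"): "domain.dns.update_record",
    ("DELETE", "/domains/{domain}/records/{record}"): "domain.dns.delete_record",
}

def effective_permissions(role_names):
    """Union of the permissions of every role on the key."""
    perms = set()
    for name in role_names:
        perms |= ROLES[name]  # KeyError for a role that was never defined
    return frozenset(perms)

def is_allowed(role_names, method, route):
    """Default deny: unknown routes and unknown roles are rejected."""
    required = REQUIRED.get((method.upper(), route))
    if required is None:
        return False
    try:
        return required in effective_permissions(role_names)
    except KeyError:
        return False

def denied_operations(role_names):
    """Operations the key cannot perform, for a least-privilege review."""
    return sorted(op for op in REQUIRED if not is_allowed(role_names, *op))

if __name__ == "__main__":
    key_roles = ["dns.manager", "read-only"]  # the key from step 4
    print(sorted(effective_permissions(key_roles)))
    print(denied_operations(key_roles))
```

domain.dns.read_record is granted by both roles, so the union holds 5 distinct permissions, and the key can manage records and read the domain but cannot create, update or delete it.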